HTTP Response splitting using CRLF
HTTP header injection allows attackers to add headers or inject content, leading to XSS attack
CRLF Injection
How this template works
APIs Selection
The template uses a query parameter filter to extract the key and value from the request query parameters. It uses a regular expression to match any key and extracts it as "query_key". It also extracts the value as "query_value".
Execute request
The template modifies the query parameter by appending "%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E" to the "query_value". This payload is designed to perform an HTTP response splitting attack by injecting a malicious script.
Validation
The template validates the response payload by checking if it contains either the string "<script>alert(1)</script>". If the response contains this string, it indicates that the attack was successful.
Frequently asked questions
What is HTTP Response Splitting and how does it work
What are the potential impacts of CRLF injections
How does the provided array mitigate CRLF injection attacks
What are the potential risks associated with CRLF injection vulnerabilities
How can developers prevent CRLF injection vulnerabilities
Are there any specific tools or frameworks available for detecting and mitigating CRLF injection vulnerabilities
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', Validate' creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern day organization. "

Security team,
Rippling